mirror of
https://codeberg.org/forgejo/forgejo.git
synced 2024-11-25 23:42:41 +01:00
fix permission check for creating comment while mail (#22524)
only creating comment on locked issue request write permission, for others, read permission is enough. related to https://github.com/go-gitea/gitea/pull/22056 /cc @KN4CK3R --------- Signed-off-by: a1012112796 <1012112796@qq.com> Co-authored-by: delvh <dev.lh@web.de> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
This commit is contained in:
parent
95d9fbdcf3
commit
48f5d51908
1 changed files with 7 additions and 1 deletions
|
@ -71,11 +71,17 @@ func (h *ReplyHandler) Handle(ctx context.Context, content *MailContent, doer *u
|
|||
return err
|
||||
}
|
||||
|
||||
if !perm.CanWriteIssuesOrPulls(issue.IsPull) || issue.IsLocked && !doer.IsAdmin {
|
||||
// Locked issues require write permissions
|
||||
if issue.IsLocked && !perm.CanWriteIssuesOrPulls(issue.IsPull) && !doer.IsAdmin {
|
||||
log.Debug("can't write issue or pull")
|
||||
return nil
|
||||
}
|
||||
|
||||
if !perm.CanReadIssuesOrPulls(issue.IsPull) {
|
||||
log.Debug("can't read issue or pull")
|
||||
return nil
|
||||
}
|
||||
|
||||
switch r := ref.(type) {
|
||||
case *issues_model.Issue:
|
||||
attachmentIDs := make([]string, 0, len(content.Attachments))
|
||||
|
|
Loading…
Reference in a new issue